  1. XWiki Platform
  2. XWIKI-14294

Cross Site Scripting - Stored


Details

    • Easy

    Description

      The application is vulnerable to Stored XSS in the User Profile section due to improper sanitization of user input. XSS stayed in the 3rd category of OWASP. This can lead to domain compromise.

      There are about seven fields which are vulnerable to XSS.
      1. First Name
      2. Last Name
      3. Company
      4. Email
      5. Phone
      6. Blog
      7. Blog Feed

      To Reproduce - Enter <script>alert(document.cookie)</script> in any of the above-mentioned fields.

      Reference - https://www.owasp.org/index.php/Top_10_2017-A3-Cross-Site_Scripting_%28XSS%29
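
      Added example, not part of the original report and not XWiki's own code: a sketch of the output encoding whose absence the report describes, applied to the seven listed fields, with the unescaped rendering beside it. The field keys, function names and the http/https allowlist for the two link fields are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# The seven profile fields listed in the report (key names are hypothetical).
FIELDS = ["first_name", "last_name", "company", "email", "phone", "blog", "blog_feed"]
LINK_FIELDS = {"blog", "blog_feed"}    # rendered as links, so they need a URL check too
ALLOWED_SCHEMES = {"http", "https"}    # assumed allowlist for link targets


def render_unsafe(profile):
    """The vulnerable pattern: stored values are concatenated into markup as-is."""
    return "".join(f"<dd>{profile.get(name, '')}</dd>" for name in FIELDS)


def render_field(name, value):
    """Encode one stored value for the HTML context it is written into."""
    value = value.strip()
    text = html.escape(value, quote=True)   # escapes & < > " and '
    if name in LINK_FIELDS:
        try:
            scheme = urlsplit(value).scheme.lower()
        except ValueError:                  # malformed URL: fall back to plain text
            scheme = ""
        if scheme in ALLOWED_SCHEMES:
            return f'<dd><a href="{text}" rel="noopener noreferrer">{text}</a></dd>'
    return f"<dd>{text}</dd>"


def render_safe(profile):
    """Hardened rendering: every field is escaped at output time."""
    return "".join(render_field(name, profile.get(name, "")) for name in FIELDS)


# Constructed sample: the report's test string stored in every field.
PAYLOAD = "<script>alert(document.cookie)</script>"
SAMPLE = {name: PAYLOAD for name in FIELDS}

if __name__ == "__main__":
    print("unsafe output keeps the tag:", "<script>" in render_unsafe(SAMPLE))
    print("safe output keeps the tag:  ", "<script>" in render_safe(SAMPLE))
    print(render_safe({"blog": "https://example.org/?a=1&b=2"}))
```

      Escaping at output time also neutralizes values that were stored before any input-side fix was deployed.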


            People

              mflorea Marius Dumitru Florea
              sudson08 Sudhakar Dwivedi